BYOD scheduling

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, a school blocks Internet access to mobile devices during class time (9am – 12pm and 1pm – 3pm).

This recipe shows how to use a schedule group and a BYOD device policy to permit mobile device Internet access before and after class time and during lunch. The school is open from 7am to 6pm.

1. Creating schedules and a schedule group

Go to Policy & Objects > Objects >
Schedules. Create recurring schedules for
the before class (7-9 am), lunch (12-1 pm), and
after class (3-6 pm) periods.

Select Create New > Schedule Group and add create the schedule group by adding the outside of class time schedules to
a schedule group.

2. Creating a policy to block mobile devices outside of class time

Go to Policy & Objects > Policy > IPv4 and create
a policy that allows Internet
access for mobile devices on the Student-net wireless network according to the schedule.

Set Incoming Interface to the wireless interface, Source Device Type to Mobile Devices (a default device group that includes tablets and mobile phones), Outgoing Interface to the Internet-facing interface, and set Schedule to the new schedule group.

3. Results

Verify that mobile devices can connect to the Internet outside of class time, when the schedule group is valid.

Go to Log & Report > Traffic Log >
Forward Traffic to view mobile device traffic.

 

When the time in the schedule is reached,
further surfing cannot continue.

This traffic does
not appear in the logs, as only allowed traffic
is logged.

For further reading, check out Managing “bring your own device” in the FortiOS 5.2 Handbook.

 

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
In this example a FortiWiFi unit provides the wireless network. The steps are the same if the wireless network is provided by FortiAP with a FortiGate as a wireless controller.
Using a device group will automatically enable device identification on the wireless interface.
  • Jonathan Coles

    Users would see the issue as blocking Internet access at certain times. But in FortiOS, access is only possible if explicitly allowed. So we create a policy to allow access only during non-class times — the inverse of the problem as described. It would smooth understanding of the solution if this was stated at the outset. The 7am and 6pm times are not mentioned in the scenario. School open/close times?